authorJelmer Vernooij <jelmer@samba.org>2011-03-14 23:06:40 +0100
committerJelmer Vernooij <jelmer@samba.org>2011-03-14 23:53:46 +0100
commit431853c84644c02e6bff1b325af5e94d3b1eacc6 (patch)
tree7206df22625034211ab120c590bb81792fac3d28 /source4/heimdal/lib/krb5
parent8dfa224c1350a9cb3a2d35fae7721bebecfe7934 (diff)
Merge new lorikeet heimdal, revision 85ed7247f515770c73b1f1ced1739f6ce19d75d2
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Mar 14 23:53:46 CET 2011 on sn-devel-104
Diffstat (limited to 'source4/heimdal/lib/krb5')
-rw-r--r--source4/heimdal/lib/krb5/context.c4
-rw-r--r--source4/heimdal/lib/krb5/crypto-aes.c18
-rw-r--r--source4/heimdal/lib/krb5/crypto-algs.c4
-rw-r--r--source4/heimdal/lib/krb5/crypto-arcfour.c28
-rw-r--r--source4/heimdal/lib/krb5/crypto-des-common.c12
-rw-r--r--source4/heimdal/lib/krb5/crypto-des.c54
-rw-r--r--source4/heimdal/lib/krb5/crypto-des3.c24
-rw-r--r--source4/heimdal/lib/krb5/crypto-evp.c18
-rw-r--r--source4/heimdal/lib/krb5/crypto-null.c10
-rw-r--r--source4/heimdal/lib/krb5/crypto-pk.c4
-rw-r--r--source4/heimdal/lib/krb5/crypto.c162
-rw-r--r--source4/heimdal/lib/krb5/crypto.h99
-rw-r--r--source4/heimdal/lib/krb5/get_cred.c6
-rw-r--r--source4/heimdal/lib/krb5/keytab.c5
-rw-r--r--source4/heimdal/lib/krb5/krb5.h2
-rw-r--r--source4/heimdal/lib/krb5/pac.c4
-rw-r--r--source4/heimdal/lib/krb5/plugin.c14
-rw-r--r--source4/heimdal/lib/krb5/salt-aes.c4
-rw-r--r--source4/heimdal/lib/krb5/salt.c10
19 files changed, 244 insertions, 238 deletions
diff --git a/source4/heimdal/lib/krb5/context.c b/source4/heimdal/lib/krb5/context.c
index d4e48d26c7..b6c6870938 100644
--- a/source4/heimdal/lib/krb5/context.c
+++ b/source4/heimdal/lib/krb5/context.c
@@ -317,7 +317,7 @@ kt_ops_copy(krb5_context context, const krb5_context src_context)
return 0;
}
-static const char *sysplugin_dirs[] = {
+static const char *sysplugin_dirs[] = {
LIBDIR "/plugin/krb5",
#ifdef __APPLE__
"/Library/KerberosPlugins/KerberosFrameworkPlugins",
@@ -332,7 +332,7 @@ init_context_once(void *ctx)
krb5_context context = ctx;
_krb5_load_plugins(context, "krb5", sysplugin_dirs);
-
+
bindtextdomain(HEIMDAL_TEXTDOMAIN, HEIMDAL_LOCALEDIR);
}
diff --git a/source4/heimdal/lib/krb5/crypto-aes.c b/source4/heimdal/lib/krb5/crypto-aes.c
index 25c675c900..e8facd85dd 100644
--- a/source4/heimdal/lib/krb5/crypto-aes.c
+++ b/source4/heimdal/lib/krb5/crypto-aes.c
@@ -37,12 +37,12 @@
* AES
*/
-static struct key_type keytype_aes128 = {
+static struct _krb5_key_type keytype_aes128 = {
KEYTYPE_AES128,
"aes-128",
128,
16,
- sizeof(struct evp_schedule),
+ sizeof(struct _krb5_evp_schedule),
NULL,
_krb5_evp_schedule,
_krb5_AES_salt,
@@ -51,12 +51,12 @@ static struct key_type keytype_aes128 = {
EVP_aes_128_cbc
};
-static struct key_type keytype_aes256 = {
+static struct _krb5_key_type keytype_aes256 = {
KEYTYPE_AES256,
"aes-256",
256,
32,
- sizeof(struct evp_schedule),
+ sizeof(struct _krb5_evp_schedule),
NULL,
_krb5_evp_schedule,
_krb5_AES_salt,
@@ -65,7 +65,7 @@ static struct key_type keytype_aes256 = {
EVP_aes_256_cbc
};
-struct checksum_type _krb5_checksum_hmac_sha1_aes128 = {
+struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes128 = {
CKSUMTYPE_HMAC_SHA1_96_AES_128,
"hmac-sha1-96-aes128",
64,
@@ -75,7 +75,7 @@ struct checksum_type _krb5_checksum_hmac_sha1_aes128 = {
NULL
};
-struct checksum_type _krb5_checksum_hmac_sha1_aes256 = {
+struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes256 = {
CKSUMTYPE_HMAC_SHA1_96_AES_256,
"hmac-sha1-96-aes256",
64,
@@ -91,7 +91,7 @@ AES_PRF(krb5_context context,
const krb5_data *in,
krb5_data *out)
{
- struct checksum_type *ct = crypto->et->checksum;
+ struct _krb5_checksum_type *ct = crypto->et->checksum;
krb5_error_code ret;
Checksum result;
krb5_keyblock *derived;
@@ -139,7 +139,7 @@ AES_PRF(krb5_context context,
return ret;
}
-struct encryption_type _krb5_enctype_aes128_cts_hmac_sha1 = {
+struct _krb5_encryption_type _krb5_enctype_aes128_cts_hmac_sha1 = {
ETYPE_AES128_CTS_HMAC_SHA1_96,
"aes128-cts-hmac-sha1-96",
16,
@@ -154,7 +154,7 @@ struct encryption_type _krb5_enctype_aes128_cts_hmac_sha1 = {
AES_PRF
};
-struct encryption_type _krb5_enctype_aes256_cts_hmac_sha1 = {
+struct _krb5_encryption_type _krb5_enctype_aes256_cts_hmac_sha1 = {
ETYPE_AES256_CTS_HMAC_SHA1_96,
"aes256-cts-hmac-sha1-96",
16,
diff --git a/source4/heimdal/lib/krb5/crypto-algs.c b/source4/heimdal/lib/krb5/crypto-algs.c
index 5e468f360a..ed31377bd0 100644
--- a/source4/heimdal/lib/krb5/crypto-algs.c
+++ b/source4/heimdal/lib/krb5/crypto-algs.c
@@ -37,7 +37,7 @@
#define DES3_OLD_ENCTYPE 1
#endif
-struct checksum_type *_krb5_checksum_types[] = {
+struct _krb5_checksum_type *_krb5_checksum_types[] = {
&_krb5_checksum_none,
#ifdef HEIM_WEAK_CRYPTO
&_krb5_checksum_crc32,
@@ -63,7 +63,7 @@ int _krb5_num_checksums
* these should currently be in reverse preference order.
* (only relevant for !F_PSEUDO) */
-struct encryption_type *_krb5_etypes[] = {
+struct _krb5_encryption_type *_krb5_etypes[] = {
&_krb5_enctype_aes256_cts_hmac_sha1,
&_krb5_enctype_aes128_cts_hmac_sha1,
&_krb5_enctype_des3_cbc_sha1,
diff --git a/source4/heimdal/lib/krb5/crypto-arcfour.c b/source4/heimdal/lib/krb5/crypto-arcfour.c
index d098561474..82769aea62 100644
--- a/source4/heimdal/lib/krb5/crypto-arcfour.c
+++ b/source4/heimdal/lib/krb5/crypto-arcfour.c
@@ -37,12 +37,12 @@
#include "krb5_locl.h"
-static struct key_type keytype_arcfour = {
+static struct _krb5_key_type keytype_arcfour = {
KEYTYPE_ARCFOUR,
"arcfour",
128,
16,
- sizeof(struct evp_schedule),
+ sizeof(struct _krb5_evp_schedule),
NULL,
_krb5_evp_schedule,
_krb5_arcfour_salt,
@@ -57,17 +57,17 @@ static struct key_type keytype_arcfour = {
krb5_error_code
_krb5_HMAC_MD5_checksum(krb5_context context,
- struct key_data *key,
+ struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
Checksum *result)
{
EVP_MD_CTX *m;
- struct checksum_type *c = _krb5_find_checksum (CKSUMTYPE_RSA_MD5);
+ struct _krb5_checksum_type *c = _krb5_find_checksum (CKSUMTYPE_RSA_MD5);
const char signature[] = "signaturekey";
Checksum ksign_c;
- struct key_data ksign;
+ struct _krb5_key_data ksign;
krb5_keyblock kb;
unsigned char t[4];
unsigned char tmp[16];
@@ -105,7 +105,7 @@ _krb5_HMAC_MD5_checksum(krb5_context context,
return 0;
}
-struct checksum_type _krb5_checksum_hmac_md5 = {
+struct _krb5_checksum_type _krb5_checksum_hmac_md5 = {
CKSUMTYPE_HMAC_MD5,
"hmac-md5",
64,
@@ -123,16 +123,16 @@ struct checksum_type _krb5_checksum_hmac_md5 = {
static krb5_error_code
ARCFOUR_subencrypt(krb5_context context,
- struct key_data *key,
+ struct _krb5_key_data *key,
void *data,
size_t len,
unsigned usage,
void *ivec)
{
EVP_CIPHER_CTX ctx;
- struct checksum_type *c = _krb5_find_checksum (CKSUMTYPE_RSA_MD5);
+ struct _krb5_checksum_type *c = _krb5_find_checksum (CKSUMTYPE_RSA_MD5);
Checksum k1_c, k2_c, k3_c, cksum;
- struct key_data ke;
+ struct _krb5_key_data ke;
krb5_keyblock kb;
unsigned char t[4];
unsigned char *cdata = data;
@@ -190,16 +190,16 @@ ARCFOUR_subencrypt(krb5_context context,
static krb5_error_code
ARCFOUR_subdecrypt(krb5_context context,
- struct key_data *key,
+ struct _krb5_key_data *key,
void *data,
size_t len,
unsigned usage,
void *ivec)
{
EVP_CIPHER_CTX ctx;
- struct checksum_type *c = _krb5_find_checksum (CKSUMTYPE_RSA_MD5);
+ struct _krb5_checksum_type *c = _krb5_find_checksum (CKSUMTYPE_RSA_MD5);
Checksum k1_c, k2_c, k3_c, cksum;
- struct key_data ke;
+ struct _krb5_key_data ke;
krb5_keyblock kb;
unsigned char t[4];
unsigned char *cdata = data;
@@ -290,7 +290,7 @@ _krb5_usage2arcfour(krb5_context context, unsigned *usage)
static krb5_error_code
ARCFOUR_encrypt(krb5_context context,
- struct key_data *key,
+ struct _krb5_key_data *key,
void *data,
size_t len,
krb5_boolean encryptp,
@@ -309,7 +309,7 @@ ARCFOUR_encrypt(krb5_context context,
return ARCFOUR_subdecrypt (context, key, data, len, keyusage, ivec);
}
-struct encryption_type _krb5_enctype_arcfour_hmac_md5 = {
+struct _krb5_encryption_type _krb5_enctype_arcfour_hmac_md5 = {
ETYPE_ARCFOUR_HMAC_MD5,
"arcfour-hmac-md5",
1,
diff --git a/source4/heimdal/lib/krb5/crypto-des-common.c b/source4/heimdal/lib/krb5/crypto-des-common.c
index 82d344f28f..f8313952dc 100644
--- a/source4/heimdal/lib/krb5/crypto-des-common.c
+++ b/source4/heimdal/lib/krb5/crypto-des-common.c
@@ -57,12 +57,12 @@ _krb5_xor (DES_cblock *key, const unsigned char *b)
krb5_error_code
_krb5_des_checksum(krb5_context context,
const EVP_MD *evp_md,
- struct key_data *key,
+ struct _krb5_key_data *key,
const void *data,
size_t len,
Checksum *cksum)
{
- struct evp_schedule *ctx = key->schedule->data;
+ struct _krb5_evp_schedule *ctx = key->schedule->data;
EVP_MD_CTX *m;
DES_cblock ivec;
unsigned char *p = cksum->checksum.data;
@@ -90,12 +90,12 @@ _krb5_des_checksum(krb5_context context,
krb5_error_code
_krb5_des_verify(krb5_context context,
const EVP_MD *evp_md,
- struct key_data *key,
+ struct _krb5_key_data *key,
const void *data,
size_t len,
Checksum *C)
{
- struct evp_schedule *ctx = key->schedule->data;
+ struct _krb5_evp_schedule *ctx = key->schedule->data;
EVP_MD_CTX *m;
unsigned char tmp[24];
unsigned char res[16];
@@ -130,7 +130,7 @@ _krb5_des_verify(krb5_context context,
static krb5_error_code
RSA_MD5_checksum(krb5_context context,
- struct key_data *key,
+ struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
@@ -141,7 +141,7 @@ RSA_MD5_checksum(krb5_context context,
return 0;
}
-struct checksum_type _krb5_checksum_rsa_md5 = {
+struct _krb5_checksum_type _krb5_checksum_rsa_md5 = {
CKSUMTYPE_RSA_MD5,
"rsa-md5",
64,
diff --git a/source4/heimdal/lib/krb5/crypto-des.c b/source4/heimdal/lib/krb5/crypto-des.c
index f6c09ba40c..1c062b5e61 100644
--- a/source4/heimdal/lib/krb5/crypto-des.c
+++ b/source4/heimdal/lib/krb5/crypto-des.c
@@ -49,8 +49,8 @@ krb5_DES_random_key(krb5_context context,
static void
krb5_DES_schedule_old(krb5_context context,
- struct key_type *kt,
- struct key_data *key)
+ struct _krb5_key_type *kt,
+ struct _krb5_key_data *key)
{
DES_set_key_unchecked(key->key->keyvalue.data, key->schedule->data);
}
@@ -68,7 +68,7 @@ krb5_DES_random_to_key(krb5_context context,
_krb5_xor(k, (const unsigned char*)"\0\0\0\0\0\0\0\xf0");
}
-static struct key_type keytype_des_old = {
+static struct _krb5_key_type keytype_des_old = {
KEYTYPE_DES,
"des-old",
56,
@@ -80,12 +80,12 @@ static struct key_type keytype_des_old = {
krb5_DES_random_to_key
};
-static struct key_type keytype_des = {
+static struct _krb5_key_type keytype_des = {
KEYTYPE_DES,
"des",
56,
8,
- sizeof(struct evp_schedule),
+ sizeof(struct _krb5_evp_schedule),
krb5_DES_random_key,
_krb5_evp_schedule,
_krb5_des_salt,
@@ -96,7 +96,7 @@ static struct key_type keytype_des = {
static krb5_error_code
CRC32_checksum(krb5_context context,
- struct key_data *key,
+ struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
@@ -115,7 +115,7 @@ CRC32_checksum(krb5_context context,
static krb5_error_code
RSA_MD4_checksum(krb5_context context,
- struct key_data *key,
+ struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
@@ -128,7 +128,7 @@ RSA_MD4_checksum(krb5_context context,
static krb5_error_code
RSA_MD4_DES_checksum(krb5_context context,
- struct key_data *key,
+ struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
@@ -139,7 +139,7 @@ RSA_MD4_DES_checksum(krb5_context context,
static krb5_error_code
RSA_MD4_DES_verify(krb5_context context,
- struct key_data *key,
+ struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
@@ -150,7 +150,7 @@ RSA_MD4_DES_verify(krb5_context context,
static krb5_error_code
RSA_MD5_DES_checksum(krb5_context context,
- struct key_data *key,
+ struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
@@ -161,7 +161,7 @@ RSA_MD5_DES_checksum(krb5_context context,
static krb5_error_code
RSA_MD5_DES_verify(krb5_context context,
- struct key_data *key,
+ struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
@@ -170,7 +170,7 @@ RSA_MD5_DES_verify(krb5_context context,
return _krb5_des_verify(context, EVP_md5(), key, data, len, C);
}
-struct checksum_type _krb5_checksum_crc32 = {
+struct _krb5_checksum_type _krb5_checksum_crc32 = {
CKSUMTYPE_CRC32,
"crc32",
1,
@@ -180,7 +180,7 @@ struct checksum_type _krb5_checksum_crc32 = {
NULL
};
-struct checksum_type _krb5_checksum_rsa_md4 = {
+struct _krb5_checksum_type _krb5_checksum_rsa_md4 = {
CKSUMTYPE_RSA_MD4,
"rsa-md4",
64,
@@ -190,7 +190,7 @@ struct checksum_type _krb5_checksum_rsa_md4 = {
NULL
};
-struct checksum_type _krb5_checksum_rsa_md4_des = {
+struct _krb5_checksum_type _krb5_checksum_rsa_md4_des = {
CKSUMTYPE_RSA_MD4_DES,
"rsa-md4-des",
64,
@@ -200,7 +200,7 @@ struct checksum_type _krb5_checksum_rsa_md4_des = {
RSA_MD4_DES_verify
};
-struct checksum_type _krb5_checksum_rsa_md5_des = {
+struct _krb5_checksum_type _krb5_checksum_rsa_md5_des = {
CKSUMTYPE_RSA_MD5_DES,
"rsa-md5-des",
64,
@@ -212,14 +212,14 @@ struct checksum_type _krb5_checksum_rsa_md5_des = {
static krb5_error_code
evp_des_encrypt_null_ivec(krb5_context context,
- struct key_data *key,
+ struct _krb5_key_data *key,
void *data,
size_t len,
krb5_boolean encryptp,
int usage,
void *ignore_ivec)
{
- struct evp_schedule *ctx = key->schedule->data;
+ struct _krb5_evp_schedule *ctx = key->schedule->data;
EVP_CIPHER_CTX *c;
DES_cblock ivec;
memset(&ivec, 0, sizeof(ivec));
@@ -231,14 +231,14 @@ evp_des_encrypt_null_ivec(krb5_context context,
static krb5_error_code
evp_des_encrypt_key_ivec(krb5_context context,
- struct key_data *key,
+ struct _krb5_key_data *key,
void *data,
size_t len,
krb5_boolean encryptp,
int usage,
void *ignore_ivec)
{
- struct evp_schedule *ctx = key->schedule->data;
+ struct _krb5_evp_schedule *ctx = key->schedule->data;
EVP_CIPHER_CTX *c;
DES_cblock ivec;
memcpy(&ivec, key->key->keyvalue.data, sizeof(ivec));
@@ -250,7 +250,7 @@ evp_des_encrypt_key_ivec(krb5_context context,
static krb5_error_code
DES_CFB64_encrypt_null_ivec(krb5_context context,
- struct key_data *key,
+ struct _krb5_key_data *key,
void *data,
size_t len,
krb5_boolean encryptp,
@@ -268,7 +268,7 @@ DES_CFB64_encrypt_null_ivec(krb5_context context,
static krb5_error_code
DES_PCBC_encrypt_key_ivec(krb5_context context,
- struct key_data *key,
+ struct _krb5_key_data *key,
void *data,
size_t len,
krb5_boolean encryptp,
@@ -283,7 +283,7 @@ DES_PCBC_encrypt_key_ivec(krb5_context context,
return 0;
}
-struct encryption_type _krb5_enctype_des_cbc_crc = {
+struct _krb5_encryption_type _krb5_enctype_des_cbc_crc = {
ETYPE_DES_CBC_CRC,
"des-cbc-crc",
8,
@@ -298,7 +298,7 @@ struct encryption_type _krb5_enctype_des_cbc_crc = {
NULL
};
-struct encryption_type _krb5_enctype_des_cbc_md4 = {
+struct _krb5_encryption_type _krb5_enctype_des_cbc_md4 = {
ETYPE_DES_CBC_MD4,
"des-cbc-md4",
8,
@@ -313,7 +313,7 @@ struct encryption_type _krb5_enctype_des_cbc_md4 = {
NULL
};
-struct encryption_type _krb5_enctype_des_cbc_md5 = {
+struct _krb5_encryption_type _krb5_enctype_des_cbc_md5 = {
ETYPE_DES_CBC_MD5,
"des-cbc-md5",
8,
@@ -328,7 +328,7 @@ struct encryption_type _krb5_enctype_des_cbc_md5 = {
NULL
};
-struct encryption_type _krb5_enctype_des_cbc_none = {
+struct _krb5_encryption_type _krb5_enctype_des_cbc_none = {
ETYPE_DES_CBC_NONE,
"des-cbc-none",
8,
@@ -343,7 +343,7 @@ struct encryption_type _krb5_enctype_des_cbc_none = {
NULL
};
-struct encryption_type _krb5_enctype_des_cfb64_none = {
+struct _krb5_encryption_type _krb5_enctype_des_cfb64_none = {
ETYPE_DES_CFB64_NONE,
"des-cfb64-none",
1,
@@ -358,7 +358,7 @@ struct encryption_type _krb5_enctype_des_cfb64_none = {
NULL
};
-struct encryption_type _krb5_enctype_des_pcbc_none = {
+struct _krb5_encryption_type _krb5_enctype_des_pcbc_none = {
ETYPE_DES_PCBC_NONE,
"des-pcbc-none",
8,
diff --git a/source4/heimdal/lib/krb5/crypto-des3.c b/source4/heimdal/lib/krb5/crypto-des3.c
index 1ff692b520..b61948895a 100644
--- a/source4/heimdal/lib/krb5/crypto-des3.c
+++ b/source4/heimdal/lib/krb5/crypto-des3.c
@@ -54,12 +54,12 @@ DES3_random_key(krb5_context context,
#ifdef DES3_OLD_ENCTYPE
-static struct key_type keytype_des3 = {
+static struct _krb5_key_type keytype_des3 = {
KEYTYPE_DES3,
"des3",
168,
24,
- sizeof(struct evp_schedule),
+ sizeof(struct _krb5_evp_schedule),
DES3_random_key,
_krb5_evp_schedule,
_krb5_des3_salt,
@@ -69,12 +69,12 @@ static struct key_type keytype_des3 = {
};
#endif
-static struct key_type keytype_des3_derived = {
+static struct _krb5_key_type keytype_des3_derived = {
KEYTYPE_DES3,
"des3",
168,
24,
- sizeof(struct evp_schedule),
+ sizeof(struct _krb5_evp_schedule),
DES3_random_key,
_krb5_evp_schedule,
_krb5_des3_salt_derived,
@@ -86,7 +86,7 @@ static struct key_type keytype_des3_derived = {
#ifdef DES3_OLD_ENCTYPE
static krb5_error_code
RSA_MD5_DES3_checksum(krb5_context context,
- struct key_data *key,
+ struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
@@ -97,7 +97,7 @@ RSA_MD5_DES3_checksum(krb5_context context,
static krb5_error_code
RSA_MD5_DES3_verify(krb5_context context,
- struct key_data *key,
+ struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
@@ -106,7 +106,7 @@ RSA_MD5_DES3_verify(krb5_context context,
return _krb5_des_verify(context, EVP_md5(), key, data, len, C);
}
-struct checksum_type _krb5_checksum_rsa_md5_des3 = {
+struct _krb5_checksum_type _krb5_checksum_rsa_md5_des3 = {
CKSUMTYPE_RSA_MD5_DES3,
"rsa-md5-des3",
64,
@@ -117,7 +117,7 @@ struct checksum_type _krb5_checksum_rsa_md5_des3 = {
};
#endif
-struct checksum_type _krb5_checksum_hmac_sha1_des3 = {
+struct _krb5_checksum_type _krb5_checksum_hmac_sha1_des3 = {
CKSUMTYPE_HMAC_SHA1_DES3,
"hmac-sha1-des3",
64,
@@ -128,7 +128,7 @@ struct checksum_type _krb5_checksum_hmac_sha1_des3 = {
};
#ifdef DES3_OLD_ENCTYPE
-struct encryption_type _krb5_enctype_des3_cbc_md5 = {
+struct _krb5_encryption_type _krb5_enctype_des3_cbc_md5 = {
ETYPE_DES3_CBC_MD5,
"des3-cbc-md5",
8,
@@ -144,7 +144,7 @@ struct encryption_type _krb5_enctype_des3_cbc_md5 = {
};
#endif
-struct encryption_type _krb5_enctype_des3_cbc_sha1 = {
+struct _krb5_encryption_type _krb5_enctype_des3_cbc_sha1 = {
ETYPE_DES3_CBC_SHA1,
"des3-cbc-sha1",
8,
@@ -160,7 +160,7 @@ struct encryption_type _krb5_enctype_des3_cbc_sha1 = {
};
#ifdef DES3_OLD_ENCTYPE
-struct encryption_type _krb5_enctype_old_des3_cbc_sha1 = {
+struct _krb5_encryption_type _krb5_enctype_old_des3_cbc_sha1 = {
ETYPE_OLD_DES3_CBC_SHA1,
"old-des3-cbc-sha1",
8,
@@ -176,7 +176,7 @@ struct encryption_type _krb5_enctype_old_des3_cbc_sha1 = {
};
#endif
-struct encryption_type _krb5_enctype_des3_cbc_none = {
+struct _krb5_encryption_type _krb5_enctype_des3_cbc_none = {
ETYPE_DES3_CBC_NONE,
"des3-cbc-none",
8,
diff --git a/source4/heimdal/lib/krb5/crypto-evp.c b/source4/heimdal/lib/krb5/crypto-evp.c
index 69d1e2679d..3f9cd57bbc 100644
--- a/source4/heimdal/lib/krb5/crypto-evp.c
+++ b/source4/heimdal/lib/krb5/crypto-evp.c
@@ -35,10 +35,10 @@
void
_krb5_evp_schedule(krb5_context context,
- struct key_type *kt,
- struct key_data *kd)
+ struct _krb5_key_type *kt,
+ struct _krb5_key_data *kd)
{
- struct evp_schedule *key = kd->schedule->data;
+ struct _krb5_evp_schedule *key = kd->schedule->data;
const EVP_CIPHER *c = (*kt->evp)();
EVP_CIPHER_CTX_init(&key->ectx);
@@ -49,23 +49,23 @@ _krb5_evp_schedule(krb5_context context,
}
void
-_krb5_evp_cleanup(krb5_context context, struct key_data *kd)
+_krb5_evp_cleanup(krb5_context context, struct _krb5_key_data *kd)
{
- struct evp_schedule *key = kd->schedule->data;
+ struct _krb5_evp_schedule *key = kd->schedule->data;
EVP_CIPHER_CTX_cleanup(&key->ectx);
EVP_CIPHER_CTX_cleanup(&key->dctx);
}
krb5_error_code
_krb5_evp_encrypt(krb5_context context,
- struct key_data *key,
+ struct _krb5_key_data *key,
void *data,
size_t len,
krb5_boolean encryptp,
int usage,
void *ivec)
{
- struct evp_schedule *ctx = key->schedule->data;
+ struct _krb5_evp_schedule *ctx = key->schedule->data;
EVP_CIPHER_CTX *c;
c = encryptp ? &ctx->ectx : &ctx->dctx;
if (ivec == NULL) {
@@ -89,7 +89,7 @@ static const unsigned char zero_ivec[EVP_MAX_BLOCK_LENGTH] = { 0 };
krb5_error_code
_krb5_evp_encrypt_cts(krb5_context context,
- struct key_data *key,
+ struct _krb5_key_data *key,
void *data,
size_t len,
krb5_boolean encryptp,
@@ -97,7 +97,7 @@ _krb5_evp_encrypt_cts(krb5_context context,
void *ivec)
{
size_t i, blocksize;
- struct evp_schedule *ctx = key->schedule->data;
+ struct _krb5_evp_schedule *ctx = key->schedule->data;
char tmp[EVP_MAX_BLOCK_LENGTH], ivec2[EVP_MAX_BLOCK_LENGTH];
EVP_CIPHER_CTX *c;
unsigned char *p;
diff --git a/source4/heimdal/lib/krb5/crypto-null.c b/source4/heimdal/lib/krb5/crypto-null.c
index 3a5c6b6cb3..69d0e7c34e 100644
--- a/source4/heimdal/lib/krb5/crypto-null.c
+++ b/source4/heimdal/lib/krb5/crypto-null.c
@@ -37,7 +37,7 @@
#define DES3_OLD_ENCTYPE 1
#endif
-static struct key_type keytype_null = {
+static struct _krb5_key_type keytype_null = {
KEYTYPE_NULL,
"null",
0,
@@ -50,7 +50,7 @@ static struct key_type keytype_null = {
static krb5_error_code
NONE_checksum(krb5_context context,
- struct key_data *key,
+ struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
@@ -59,7 +59,7 @@ NONE_checksum(krb5_context context,
return 0;
}
-struct checksum_type _krb5_checksum_none = {
+struct _krb5_checksum_type _krb5_checksum_none = {
CKSUMTYPE_NONE,
"none",
1,
@@ -71,7 +71,7 @@ struct checksum_type _krb5_checksum_none = {
static krb5_error_code
NULL_encrypt(krb5_context context,
- struct key_data *key,
+ struct _krb5_key_data *key,
void *data,
size_t len,
krb5_boolean encryptp,
@@ -81,7 +81,7 @@ NULL_encrypt(krb5_context context,
return 0;
}
-struct encryption_type _krb5_enctype_null = {
+struct _krb5_encryption_type _krb5_enctype_null = {
ETYPE_NULL,
"null",
1,
diff --git a/source4/heimdal/lib/krb5/crypto-pk.c b/source4/heimdal/lib/krb5/crypto-pk.c
index 21e729c9e1..eb783c8998 100644
--- a/source4/heimdal/lib/krb5/crypto-pk.c
+++ b/source4/heimdal/lib/krb5/crypto-pk.c
@@ -44,7 +44,7 @@ _krb5_pk_octetstring2key(krb5_context context,
const heim_octet_string *k_n,
krb5_keyblock *key)
{
- struct encryption_type *et = _krb5_find_enctype(type);
+ struct _krb5_encryption_type *et = _krb5_find_enctype(type);
krb5_error_code ret;
size_t keylen, offset;
void *keydata;
@@ -205,7 +205,7 @@ _krb5_pk_kdf(krb5_context context,
const Ticket *ticket,
krb5_keyblock *key)
{
- struct encryption_type *et;
+ struct _krb5_encryption_type *et;
krb5_error_code ret;
krb5_data other;
size_t keylen, offset;
diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c
index aa417e15eb..5d274e9af7 100644
--- a/source4/heimdal/lib/krb5/crypto.c
+++ b/source4/heimdal/lib/krb5/crypto.c
@@ -35,17 +35,23 @@
#include "krb5_locl.h"
+struct _krb5_key_usage {
+ unsigned usage;
+ struct _krb5_key_data key;
+};
+
+
#ifndef HEIMDAL_SMALLER
#define DES3_OLD_ENCTYPE 1
#endif
static krb5_error_code _get_derived_key(krb5_context, krb5_crypto,
- unsigned, struct key_data**);
-static struct key_data *_new_derived_key(krb5_crypto crypto, unsigned usage);
+ unsigned, struct _krb5_key_data**);
+static struct _krb5_key_data *_new_derived_key(krb5_crypto crypto, unsigned usage);
static void free_key_schedule(krb5_context,
- struct key_data *,
- struct encryption_type *);
+ struct _krb5_key_data *,
+ struct _krb5_encryption_type *);
/************************************************************
* *
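Review bot: `struct _krb5_key_usage` is added at the top of crypto.c with no comment saying what it holds or who releases it. Judging only by the prototypes in this hunk, it looks like the per-usage entry handed out by `_new_derived_key(crypto, usage)`, so its `key` member would carry derived key material. If that reading is right, a short comment such as `/* one derived key per key-usage number; released through free_key_schedule() */` would record the ownership rule next to the type. The definition is also followed by two blank lines where one would do.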
@@ -56,7 +62,7 @@ krb5_enctype_keysize(krb5_context context,
krb5_enctype type,
size_t *keysize)
{
- struct encryption_type *et = _krb5_find_enctype(type);
+ struct _krb5_encryption_type *et = _krb5_find_enctype(type);
if(et == NULL) {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
N_("encryption type %d not supported", ""),
@@ -72,7 +78,7 @@ krb5_enctype_keybits(krb5_context context,
krb5_enctype type,
size_t *keybits)
{
- struct encryption_type *et = _krb5_find_enctype(type);
+ struct _krb5_encryption_type *et = _krb5_find_enctype(type);
if(et == NULL) {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
"encryption type %d not supported",
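Review bot: The message passed to krb5_set_error_message() in krb5_enctype_keybits is a bare string literal, while the same text in krb5_enctype_keysize and krb5_generate_random_keyblock (the hunks just before and after this one) is wrapped in the translation marker. Writing it as `N_("encryption type %d not supported", ""),` keeps the three lookups consistent. The call continues past the end of this hunk.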
@@ -89,7 +95,7 @@ krb5_generate_random_keyblock(krb5_context context,
krb5_keyblock *key)
{
krb5_error_code ret;
- struct encryption_type *et = _krb5_find_enctype(type);
+ struct _krb5_encryption_type *et = _krb5_find_enctype(type);
if(et == NULL) {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
N_("encryption type %d not supported", ""),
@@ -110,11 +116,11 @@ krb5_generate_random_keyblock(krb5_context context,
static krb5_error_code
_key_schedule(krb5_context context,
- struct key_data *key)
+ struct _krb5_key_data *key)
{
krb5_error_code ret;
- struct encryption_type *et = _krb5_find_enctype(key->key->keytype);
- struct key_type *kt;
+ struct _krb5_encryption_type *et = _krb5_find_enctype(key->key->keytype);
+ struct _krb5_key_type *kt;
if (et == NULL) {
krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
@@ -150,7 +156,7 @@ _key_schedule(krb5_context context,
static krb5_error_code
SHA1_checksum(krb5_context context,
- struct key_data *key,
+ struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
@@ -164,11 +170,11 @@ SHA1_checksum(krb5_context context,
/* HMAC according to RFC2104 */
krb5_error_code
_krb5_internal_hmac(krb5_context context,
- struct checksum_type *cm,
+ struct _krb5_checksum_type *cm,
const void *data,
size_t len,
unsigned usage,
- struct key_data *keyblock,
+ struct _krb5_key_data *keyblock,
Checksum *result)
{
unsigned char *ipad, *opad;
@@ -228,8 +234,8 @@ krb5_hmac(krb5_context context,
krb5_keyblock *key,
Checksum *result)
{
- struct checksum_type *c = _krb5_find_checksum(cktype);
- struct key_data kd;
+ struct _krb5_checksum_type *c = _krb5_find_checksum(cktype);
+ struct _krb5_key_data kd;
krb5_error_code ret;
if (c == NULL) {
@@ -252,13 +258,13 @@ krb5_hmac(krb5_context context,
krb5_error_code
_krb5_SP_HMAC_SHA1_checksum(krb5_context context,
- struct key_data *key,
+ struct _krb5_key_data *key,
const void *data,
size_t len,
unsigned usage,
Checksum *result)
{
- struct checksum_type *c = _krb5_find_checksum(CKSUMTYPE_SHA1);
+ struct _krb5_checksum_type *c = _krb5_find_checksum(CKSUMTYPE_SHA1);
Checksum res;
char sha1_data[20];
krb5_error_code ret;
@@ -273,7 +279,7 @@ _krb5_SP_HMAC_SHA1_checksum(krb5_context context,
return 0;
}
-struct checksum_type _krb5_checksum_sha1 = {
+struct _krb5_checksum_type _krb5_checksum_sha1 = {
CKSUMTYPE_SHA1,
"sha1",
64,
@@ -283,7 +289,7 @@ struct checksum_type _krb5_checksum_sha1 = {
NULL
};
-struct checksum_type *
+struct _krb5_checksum_type *
_krb5_find_checksum(krb5_cksumtype type)
{
int i;
@@ -297,8 +303,8 @@ static krb5_error_code
get_checksum_key(krb5_context context,
krb5_crypto crypto,
unsigned usage, /* not krb5_key_usage */
- struct checksum_type *ct,
- struct key_data **key)
+ struct _krb5_checksum_type *ct,
+ struct _krb5_key_data **key)
{
krb5_error_code ret = 0;
@@ -327,7 +333,7 @@ get_checksum_key(krb5_context context,
static krb5_error_code
create_checksum (krb5_context context,
- struct checksum_type *ct,
+ struct _krb5_checksum_type *ct,
krb5_crypto crypto,
unsigned usage,
void *data,
@@ -335,7 +341,7 @@ create_checksum (krb5_context context,
Checksum *result)
{
krb5_error_code ret;
- struct key_data *dkey;
+ struct _krb5_key_data *dkey;
int keyed_checksum;
if (ct->flags & F_DISABLED) {
@@ -364,7 +370,7 @@ create_checksum (krb5_context context,
}
static int
-arcfour_checksum_p(struct checksum_type *ct, krb5_crypto crypto)
+arcfour_checksum_p(struct _krb5_checksum_type *ct, krb5_crypto crypto)
{
return (ct->type == CKSUMTYPE_HMAC_MD5) &&
(crypto->key.key->keytype == KEYTYPE_ARCFOUR);
@@ -379,7 +385,7 @@ krb5_create_checksum(krb5_context context,
size_t len,
Checksum *result)
{
- struct checksum_type *ct = NULL;
+ struct _krb5_checksum_type *ct = NULL;
unsigned keyusage;
/* type 0 -> pick from crypto */
@@ -417,10 +423,10 @@ verify_checksum(krb5_context context,
Checksum *cksum)
{
krb5_error_code ret;
- struct key_data *dkey;
+ struct _krb5_key_data *dkey;
int keyed_checksum;
Checksum c;
- struct checksum_type *ct;
+ struct _krb5_checksum_type *ct;
ct = _krb5_find_checksum(cksum->cksumtype);
if (ct == NULL || (ct->flags & F_DISABLED)) {
@@ -441,7 +447,7 @@ verify_checksum(krb5_context context,
}
keyed_checksum = (ct->flags & F_KEYED) != 0;
if(keyed_checksum) {
- struct checksum_type *kct;
+ struct _krb5_checksum_type *kct;
if (crypto == NULL) {
krb5_set_error_message(context, KRB5_PROG_SUMTYPE_NOSUPP,
N_("Checksum type %s is keyed but no "
@@ -511,7 +517,7 @@ krb5_verify_checksum(krb5_context context,
size_t len,
Checksum *cksum)
{
- struct checksum_type *ct;
+ struct _krb5_checksum_type *ct;
unsigned keyusage;
ct = _krb5_find_checksum(cksum->cksumtype);
@@ -537,7 +543,7 @@ krb5_crypto_get_checksum_type(krb5_context context,
krb5_crypto crypto,
krb5_cksumtype *type)
{
- struct checksum_type *ct = NULL;
+ struct _krb5_checksum_type *ct = NULL;
if (crypto != NULL) {
ct = crypto->et->keyed_checksum;
@@ -562,7 +568,7 @@ krb5_checksumsize(krb5_context context,
krb5_cksumtype type,
size_t *size)
{
- struct checksum_type *ct = _krb5_find_checksum(type);
+ struct _krb5_checksum_type *ct = _krb5_find_checksum(type);
if(ct == NULL) {
krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
N_("checksum type %d not supported", ""),
@@ -577,7 +583,7 @@ KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_checksum_is_keyed(krb5_context context,
krb5_cksumtype type)
{
- struct checksum_type *ct = _krb5_find_checksum(type);
+ struct _krb5_checksum_type *ct = _krb5_find_checksum(type);
if(ct == NULL) {
if (context)
krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
@@ -592,7 +598,7 @@ KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL
krb5_checksum_is_collision_proof(krb5_context context,
krb5_cksumtype type)
{
- struct checksum_type *ct = _krb5_find_checksum(type);
+ struct _krb5_checksum_type *ct = _krb5_find_checksum(type);
if(ct == NULL) {
if (context)
krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
@@ -607,7 +613,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_checksum_disable(krb5_context context,
krb5_cksumtype type)
{
- struct checksum_type *ct = _krb5_find_checksum(type);
+ struct _krb5_checksum_type *ct = _krb5_find_checksum(type);
if(ct == NULL) {
if (context)
krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
@@ -623,7 +629,7 @@ krb5_checksum_disable(krb5_context context,
* *
************************************************************/
-struct encryption_type *
+struct _krb5_encryption_type *
_krb5_find_enctype(krb5_enctype type)
{
int i;
@@ -639,7 +645,7 @@ krb5_enctype_to_string(krb5_context context,
krb5_enctype etype,
char **string)
{
- struct encryption_type *e;
+ struct _krb5_encryption_type *e;
e = _krb5_find_enctype(etype);
if(e == NULL) {
krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
@@ -678,7 +684,7 @@ krb5_enctype_to_keytype(krb5_context context,
krb5_enctype etype,
krb5_keytype *keytype)
{
- struct encryption_type *e = _krb5_find_enctype(etype);
+ struct _krb5_encryption_type *e = _krb5_find_enctype(etype);
if(e == NULL) {
krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
N_("encryption type %d not supported", ""),
@@ -693,7 +699,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_valid(krb5_context context,
krb5_enctype etype)
{
- struct encryption_type *e = _krb5_find_enctype(etype);
+ struct _krb5_encryption_type *e = _krb5_find_enctype(etype);
if(e == NULL) {
krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
N_("encryption type %d not supported", ""),
@@ -751,7 +757,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_cksumtype_valid(krb5_context context,
krb5_cksumtype ctype)
{
- struct checksum_type *c = _krb5_find_checksum(ctype);
+ struct _krb5_checksum_type *c = _krb5_find_checksum(ctype);
if (c == NULL) {
krb5_set_error_message (context, KRB5_PROG_SUMTYPE_NOSUPP,
N_("checksum type %d not supported", ""),
@@ -798,8 +804,8 @@ encrypt_internal_derived(krb5_context context,
Checksum cksum;
unsigned char *p, *q;
krb5_error_code ret;
- struct key_data *dkey;
- const struct encryption_type *et = crypto->et;
+ struct _krb5_key_data *dkey;
+ const struct _krb5_encryption_type *et = crypto->et;
checksum_sz = CHECKSUMSIZE(et->keyed_checksum);
@@ -864,7 +870,7 @@ encrypt_internal(krb5_context context,
Checksum cksum;
unsigned char *p, *q;
krb5_error_code ret;
- const struct encryption_type *et = crypto->et;
+ const struct _krb5_encryption_type *et = crypto->et;
checksum_sz = CHECKSUMSIZE(et->checksum);
@@ -926,7 +932,7 @@ encrypt_internal_special(krb5_context context,
krb5_data *result,
void *ivec)
{
- struct encryption_type *et = crypto->et;
+ struct _krb5_encryption_type *et = crypto->et;
size_t cksum_sz = CHECKSUMSIZE(et->checksum);
size_t sz = len + cksum_sz + et->confoundersize;
char *tmp, *p;
@@ -967,8 +973,8 @@ decrypt_internal_derived(krb5_context context,
Checksum cksum;
unsigned char *p;
krb5_error_code ret;
- struct key_data *dkey;
- struct encryption_type *et = crypto->et;
+ struct _krb5_key_data *dkey;
+ struct _krb5_encryption_type *et = crypto->et;
unsigned long l;
checksum_sz = CHECKSUMSIZE(et->keyed_checksum);
@@ -1047,7 +1053,7 @@ decrypt_internal(krb5_context context,
unsigned char *p;
Checksum cksum;
size_t checksum_sz, l;
- struct encryption_type *et = crypto->et;
+ struct _krb5_encryption_type *et = crypto->et;
if ((len % et->padsize) != 0) {
krb5_clear_error_message(context);
@@ -1112,7 +1118,7 @@ decrypt_internal_special(krb5_context context,
krb5_data *result,
void *ivec)
{
- struct encryption_type *et = crypto->et;
+ struct _krb5_encryption_type *et = crypto->et;
size_t cksum_sz = CHECKSUMSIZE(et->checksum);
size_t sz = len - cksum_sz - et->confoundersize;
unsigned char *p;
@@ -1201,8 +1207,8 @@ krb5_encrypt_iov_ivec(krb5_context context,
Checksum cksum;
unsigned char *p, *q;
krb5_error_code ret;
- struct key_data *dkey;
- const struct encryption_type *et = crypto->et;
+ struct _krb5_key_data *dkey;
+ const struct _krb5_encryption_type *et = crypto->et;
krb5_crypto_iov *tiv, *piv, *hiv;
if (num_data < 0) {
@@ -1393,8 +1399,8 @@ krb5_decrypt_iov_ivec(krb5_context context,
Checksum cksum;
unsigned char *p, *q;
krb5_error_code ret;
- struct key_data *dkey;
- struct encryption_type *et = crypto->et;
+ struct _krb5_key_data *dkey;
+ struct _krb5_encryption_type *et = crypto->et;
krb5_crypto_iov *tiv, *hiv;
if (num_data < 0) {
@@ -1619,7 +1625,7 @@ krb5_verify_checksum_iov(krb5_context context,
unsigned int num_data,
krb5_cksumtype *type)
{
- struct encryption_type *et = crypto->et;
+ struct _krb5_encryption_type *et = crypto->et;
Checksum cksum;
krb5_crypto_iov *civ;
krb5_error_code ret;
@@ -1833,15 +1839,15 @@ krb5_decrypt_EncryptedData(krb5_context context,
krb5_error_code
_krb5_derive_key(krb5_context context,
- struct encryption_type *et,
- struct key_data *key,
+ struct _krb5_encryption_type *et,
+ struct _krb5_key_data *key,
const void *constant,
size_t len)
{
unsigned char *k = NULL;
unsigned int nblocks = 0, i;
krb5_error_code ret = 0;
- struct key_type *kt = et->keytype;
+ struct _krb5_key_type *kt = et->keytype;
ret = _key_schedule(context, key);
if(ret)
@@ -1923,10 +1929,10 @@ _krb5_derive_key(krb5_context context,
return ret;
}
-static struct key_data *
+static struct _krb5_key_data *
_new_derived_key(krb5_crypto crypto, unsigned usage)
{
- struct key_usage *d = crypto->key_usage;
+ struct _krb5_key_usage *d = crypto->key_usage;
d = realloc(d, (crypto->num_key_usage + 1) * sizeof(*d));
if(d == NULL)
return NULL;
@@ -1946,8 +1952,8 @@ krb5_derive_key(krb5_context context,
krb5_keyblock **derived_key)
{
krb5_error_code ret;
- struct encryption_type *et;
- struct key_data d;
+ struct _krb5_encryption_type *et;
+ struct _krb5_key_data d;
*derived_key = NULL;
@@ -1975,10 +1981,10 @@ static krb5_error_code
_get_derived_key(krb5_context context,
krb5_crypto crypto,
unsigned usage,
- struct key_data **key)
+ struct _krb5_key_data **key)
{
int i;
- struct key_data *d;
+ struct _krb5_key_data *d;
unsigned char constant[5];
for(i = 0; i < crypto->num_key_usage; i++)
@@ -2060,8 +2066,8 @@ krb5_crypto_init(krb5_context context,
static void
free_key_schedule(krb5_context context,
- struct key_data *key,
- struct encryption_type *et)
+ struct _krb5_key_data *key,
+ struct _krb5_encryption_type *et)
{
if (et->keytype->cleanup)
(*et->keytype->cleanup)(context, key);
@@ -2070,8 +2076,8 @@ free_key_schedule(krb5_context context,
}
void
-_krb5_free_key_data(krb5_context context, struct key_data *key,
- struct encryption_type *et)
+_krb5_free_key_data(krb5_context context, struct _krb5_key_data *key,
+ struct _krb5_encryption_type *et)
{
krb5_free_keyblock(context, key->key);
if(key->schedule) {
@@ -2081,8 +2087,8 @@ _krb5_free_key_data(krb5_context context, struct key_data *key,
}
static void
-free_key_usage(krb5_context context, struct key_usage *ku,
- struct encryption_type *et)
+free_key_usage(krb5_context context, struct _krb5_key_usage *ku,
+ struct _krb5_encryption_type *et)
{
_krb5_free_key_data(context, &ku->key, et);
}
@@ -2212,7 +2218,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_disable(krb5_context context,
krb5_enctype enctype)
{
- struct encryption_type *et = _krb5_find_enctype(enctype);
+ struct _krb5_encryption_type *et = _krb5_find_enctype(enctype);
if(et == NULL) {
if (context)
krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
@@ -2239,7 +2245,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_enctype_enable(krb5_context context,
krb5_enctype enctype)
{
- struct encryption_type *et = _krb5_find_enctype(enctype);
+ struct _krb5_encryption_type *et = _krb5_find_enctype(enctype);
if(et == NULL) {
if (context)
krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP,
@@ -2283,7 +2289,7 @@ wrapped_length (krb5_context context,
krb5_crypto crypto,
size_t data_len)
{
- struct encryption_type *et = crypto->et;
+ struct _krb5_encryption_type *et = crypto->et;
size_t padsize = et->padsize;
size_t checksumsize = CHECKSUMSIZE(et->checksum);
size_t res;
@@ -2298,7 +2304,7 @@ wrapped_length_dervied (krb5_context context,
krb5_crypto crypto,
size_t data_len)
{
- struct encryption_type *et = crypto->et;
+ struct _krb5_encryption_type *et = crypto->et;
size_t padsize = et->padsize;
size_t res;
@@ -2334,7 +2340,7 @@ static size_t
crypto_overhead (krb5_context context,
krb5_crypto crypto)
{
- struct encryption_type *et = crypto->et;
+ struct _krb5_encryption_type *et = crypto->et;
size_t res;
res = CHECKSUMSIZE(et->checksum);
@@ -2348,7 +2354,7 @@ static size_t
crypto_overhead_dervied (krb5_context context,
krb5_crypto crypto)
{
- struct encryption_type *et = crypto->et;
+ struct _krb5_encryption_type *et = crypto->et;
size_t res;
if (et->keyed_checksum)
@@ -2395,7 +2401,7 @@ krb5_random_to_key(krb5_context context,
krb5_keyblock *key)
{
krb5_error_code ret;
- struct encryption_type *et = _krb5_find_enctype(type);
+ struct _krb5_encryption_type *et = _krb5_find_enctype(type);
if(et == NULL) {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
N_("encryption type %d not supported", ""),
@@ -2429,7 +2435,7 @@ krb5_crypto_prf_length(krb5_context context,
krb5_enctype type,
size_t *length)
{
- struct encryption_type *et = _krb5_find_enctype(type);
+ struct _krb5_encryption_type *et = _krb5_find_enctype(type);
if(et == NULL || et->prf_length == 0) {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
@@ -2448,7 +2454,7 @@ krb5_crypto_prf(krb5_context context,
const krb5_data *input,
krb5_data *output)
{
- struct encryption_type *et = crypto->et;
+ struct _krb5_encryption_type *et = crypto->et;
krb5_data_zero(output);
@@ -2640,8 +2646,8 @@ krb5_enctypes_compatible_keys(krb5_context context,
krb5_enctype etype1,
krb5_enctype etype2)
{
- struct encryption_type *e1 = _krb5_find_enctype(etype1);
- struct encryption_type *e2 = _krb5_find_enctype(etype2);
+ struct _krb5_encryption_type *e1 = _krb5_find_enctype(etype1);
+ struct _krb5_encryption_type *e2 = _krb5_find_enctype(etype2);
return e1 != NULL && e2 != NULL && e1->keytype == e2->keytype;
}
diff --git a/source4/heimdal/lib/krb5/crypto.h b/source4/heimdal/lib/krb5/crypto.h
index c57221b1e6..bf945875b9 100644
--- a/source4/heimdal/lib/krb5/crypto.h
+++ b/source4/heimdal/lib/krb5/crypto.h
@@ -35,21 +35,18 @@
#define DES3_OLD_ENCTYPE 1
#endif
-struct key_data {
+struct _krb5_key_data {
krb5_keyblock *key;
krb5_data *schedule;
};
-struct key_usage {
- unsigned usage;
- struct key_data key;
-};
+struct _krb5_key_usage;
struct krb5_crypto_data {
- struct encryption_type *et;
- struct key_data key;
+ struct _krb5_encryption_type *et;
+ struct _krb5_key_data key;
int num_key_usage;
- struct key_usage *key_usage;
+ struct _krb5_key_usage *key_usage;
};
#define CRYPTO_ETYPE(C) ((C)->et->type)
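Review bot: The forward declaration `struct _krb5_key_usage;` replaces the full definition in crypto.h without a comment saying where the type is now defined or why it became opaque. Code that includes this header can still carry the `key_usage` pointer in `struct krb5_crypto_data`, but it can no longer take `sizeof` of the struct or read `usage` and `key`. Presumably the definition moved into crypto.c, which this part of the diff does not show. I would add a line such as `/* opaque outside crypto.c, which holds the full definition */` above the declaration, adjusted to wherever the definition actually lives.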
@@ -71,50 +68,50 @@ struct salt_type {
krb5_salt, krb5_data, krb5_keyblock*);
};
-struct key_type {
+struct _krb5_key_type {
krb5_keytype type; /* XXX */
const char *name;
size_t bits;
size_t size;
size_t schedule_size;
void (*random_key)(krb5_context, krb5_keyblock*);
- void (*schedule)(krb5_context, struct key_type *, struct key_data *);
+ void (*schedule)(krb5_context, struct _krb5_key_type *, struct _krb5_key_data *);
struct salt_type *string_to_key;
void (*random_to_key)(krb5_context, krb5_keyblock*, const void*, size_t);
- void (*cleanup)(krb5_context, struct key_data *);
+ void (*cleanup)(krb5_context, struct _krb5_key_data *);
const EVP_CIPHER *(*evp)(void);
};
-struct checksum_type {
+struct _krb5_checksum_type {
krb5_cksumtype type;
const char *name;
size_t blocksize;
size_t checksumsize;
unsigned flags;
krb5_error_code (*checksum)(krb5_context context,
- struct key_data *key,
+ struct _krb5_key_data *key,
const void *buf, size_t len,
unsigned usage,
Checksum *csum);
krb5_error_code (*verify)(krb5_context context,
- struct key_data *key,
+ struct _krb5_key_data *key,
const void *buf, size_t len,
unsigned usage,
Checksum *csum);
};
-struct encryption_type {
+struct _krb5_encryption_type {
krb5_enctype type;
const char *name;
size_t blocksize;
size_t padsize;
size_t confoundersize;
- struct key_type *keytype;
- struct checksum_type *checksum;
- struct checksum_type *keyed_checksum;
+ struct _krb5_key_type *keytype;
+ struct _krb5_checksum_type *checksum;
+ struct _krb5_checksum_type *keyed_checksum;
unsigned flags;
krb5_error_code (*encrypt)(krb5_context context,
- struct key_data *key,
+ struct _krb5_key_data *key,
void *data, size_t len,
krb5_boolean encryptp,
int usage,
@@ -130,20 +127,20 @@ struct encryption_type {
/* Checksums */
-extern struct checksum_type _krb5_checksum_none;
-extern struct checksum_type _krb5_checksum_crc32;
-extern struct checksum_type _krb5_checksum_rsa_md4;
-extern struct checksum_type _krb5_checksum_rsa_md4_des;
-extern struct checksum_type _krb5_checksum_rsa_md5_des;
-extern struct checksum_type _krb5_checksum_rsa_md5_des3;
-extern struct checksum_type _krb5_checksum_rsa_md5;
-extern struct checksum_type _krb5_checksum_hmac_sha1_des3;
-extern struct checksum_type _krb5_checksum_hmac_sha1_aes128;
-extern struct checksum_type _krb5_checksum_hmac_sha1_aes256;
-extern struct checksum_type _krb5_checksum_hmac_md5;
-extern struct checksum_type _krb5_checksum_sha1;
-
-extern struct checksum_type *_krb5_checksum_types[];
+extern struct _krb5_checksum_type _krb5_checksum_none;
+extern struct _krb5_checksum_type _krb5_checksum_crc32;
+extern struct _krb5_checksum_type _krb5_checksum_rsa_md4;
+extern struct _krb5_checksum_type _krb5_checksum_rsa_md4_des;
+extern struct _krb5_checksum_type _krb5_checksum_rsa_md5_des;
+extern struct _krb5_checksum_type _krb5_checksum_rsa_md5_des3;
+extern struct _krb5_checksum_type _krb5_checksum_rsa_md5;
+extern struct _krb5_checksum_type _krb5_checksum_hmac_sha1_des3;
+extern struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes128;
+extern struct _krb5_checksum_type _krb5_checksum_hmac_sha1_aes256;
+extern struct _krb5_checksum_type _krb5_checksum_hmac_md5;
+extern struct _krb5_checksum_type _krb5_checksum_sha1;
+
+extern struct _krb5_checksum_type *_krb5_checksum_types[];
extern int _krb5_num_checksums;
/* Salts */
@@ -156,27 +153,27 @@ extern struct salt_type _krb5_des3_salt_derived[];
/* Encryption types */
-extern struct encryption_type _krb5_enctype_aes256_cts_hmac_sha1;
-extern struct encryption_type _krb5_enctype_aes128_cts_hmac_sha1;
-extern struct encryption_type _krb5_enctype_des3_cbc_sha1;
-extern struct encryption_type _krb5_enctype_des3_cbc_md5;
-extern struct encryption_type _krb5_enctype_des3_cbc_none;
-extern struct encryption_type _krb5_enctype_arcfour_hmac_md5;
-extern struct encryption_type _krb5_enctype_des_cbc_md5;
-extern struct encryption_type _krb5_enctype_old_des3_cbc_sha1;
-extern struct encryption_type _krb5_enctype_des_cbc_crc;
-extern struct encryption_type _krb5_enctype_des_cbc_md4;
-extern struct encryption_type _krb5_enctype_des_cbc_md5;
-extern struct encryption_type _krb5_enctype_des_cbc_none;
-extern struct encryption_type _krb5_enctype_des_cfb64_none;
-extern struct encryption_type _krb5_enctype_des_pcbc_none;
-extern struct encryption_type _krb5_enctype_null;
-
-extern struct encryption_type *_krb5_etypes[];
+extern struct _krb5_encryption_type _krb5_enctype_aes256_cts_hmac_sha1;
+extern struct _krb5_encryption_type _krb5_enctype_aes128_cts_hmac_sha1;
+extern struct _krb5_encryption_type _krb5_enctype_des3_cbc_sha1;
+extern struct _krb5_encryption_type _krb5_enctype_des3_cbc_md5;
+extern struct _krb5_encryption_type _krb5_enctype_des3_cbc_none;
+extern struct _krb5_encryption_type _krb5_enctype_arcfour_hmac_md5;
+extern struct _krb5_encryption_type _krb5_enctype_des_cbc_md5;
+extern struct _krb5_encryption_type _krb5_enctype_old_des3_cbc_sha1;
+extern struct _krb5_encryption_type _krb5_enctype_des_cbc_crc;
+extern struct _krb5_encryption_type _krb5_enctype_des_cbc_md4;
+extern struct _krb5_encryption_type _krb5_enctype_des_cbc_md5;
+extern struct _krb5_encryption_type _krb5_enctype_des_cbc_none;
+extern struct _krb5_encryption_type _krb5_enctype_des_cfb64_none;
+extern struct _krb5_encryption_type _krb5_enctype_des_pcbc_none;
+extern struct _krb5_encryption_type _krb5_enctype_null;
+
+extern struct _krb5_encryption_type *_krb5_etypes[];
extern int _krb5_num_etypes;
/* Interface to the EVP crypto layer provided by hcrypto */
-struct evp_schedule {
+struct _krb5_evp_schedule {
EVP_CIPHER_CTX ectx;
EVP_CIPHER_CTX dctx;
};
diff --git a/source4/heimdal/lib/krb5/get_cred.c b/source4/heimdal/lib/krb5/get_cred.c
index e06d4a12be..7f2b57247d 100644
--- a/source4/heimdal/lib/krb5/get_cred.c
+++ b/source4/heimdal/lib/krb5/get_cred.c
@@ -734,7 +734,7 @@ get_cred_kdc_capath_worker(krb5_context context,
krb5_creds *in_creds,
krb5_const_realm try_realm,
krb5_principal impersonate_principal,
- Ticket *second_ticket,
+ Ticket *second_ticket,
krb5_creds **out_creds,
krb5_creds ***ret_tgts)
{
@@ -860,7 +860,7 @@ get_cred_kdc_capath_worker(krb5_context context,
}
krb5_free_creds(context, tgt);
return ret;
-}
+}
/*
get_cred(server)
@@ -883,7 +883,7 @@ get_cred_kdc_capath(krb5_context context,
krb5_ccache ccache,
krb5_creds *in_creds,
krb5_principal impersonate_principal,
- Ticket *second_ticket,
+ Ticket *second_ticket,
krb5_creds **out_creds,
krb5_creds ***ret_tgts)
{
diff --git a/source4/heimdal/lib/krb5/keytab.c b/source4/heimdal/lib/krb5/keytab.c
index e060774533..96c0bce273 100644
--- a/source4/heimdal/lib/krb5/keytab.c
+++ b/source4/heimdal/lib/krb5/keytab.c
@@ -78,8 +78,9 @@
* and/or temporary data not to be stored on disk. The type's name
* is MEMORY. Each MEMORY keytab is referenced counted by and
* opened by the residual name, so two handles can point to the
- * same memory area. When the last user closes the entry, it
- * disappears.
+ * same memory area. When the last user closes using krb5_kt_close()
+ * the keytab, the keys in they keytab is memset() to zero and freed
+ * and can no longer be looked up by name.
*
*
* @subsection krb5_keytab_example Keytab example
diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h
index dd579f973b..8d671e3d36 100644
--- a/source4/heimdal/lib/krb5/krb5.h
+++ b/source4/heimdal/lib/krb5/krb5.h
@@ -241,6 +241,8 @@ typedef enum krb5_key_usage {
/* Encryption of the SAM-NONCE-OR-SAD field */
KRB5_KU_PA_PKINIT_KX = 44,
/* Encryption type of the kdc session contribution in pk-init */
+ KRB5_KU_AS_REQ = 56,
+ /* Checksum of over the AS-REQ send by the KDC in PA-REQ-ENC-PA-REP */
KRB5_KU_DIGEST_ENCRYPT = -18,
/* Encryption key usage used in the digest encryption field */
KRB5_KU_DIGEST_OPAQUE = -19,
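Review bot: The comment added for `KRB5_KU_AS_REQ` reads "Checksum of over the AS-REQ send by the KDC", which is ungrammatical and leaves it unclear whether the KDC sends the AS-REQ or the checksum. If the checksum is what the KDC returns, I would write `/* Checksum over the AS-REQ, sent by the KDC in PA-REQ-ENC-PA-REP */`. The enum begins and ends outside this hunk, so uniqueness of the value 56 among the other key usages cannot be checked from here.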
diff --git a/source4/heimdal/lib/krb5/pac.c b/source4/heimdal/lib/krb5/pac.c
index db2428f95b..046a89cc6a 100644
--- a/source4/heimdal/lib/krb5/pac.c
+++ b/source4/heimdal/lib/krb5/pac.c
@@ -87,7 +87,7 @@ HMAC_MD5_any_checksum(krb5_context context,
unsigned usage,
Checksum *result)
{
- struct key_data local_key;
+ struct _krb5_key_data local_key;
krb5_error_code ret;
memset(&local_key, 0, sizeof(local_key));
@@ -106,7 +106,7 @@ HMAC_MD5_any_checksum(krb5_context context,
ret = _krb5_HMAC_MD5_checksum(context, &local_key, data, len, usage, result);
if (ret)
krb5_data_free(&result->checksum);
-
+
krb5_free_keyblock(context, local_key.key);
return ret;
}
diff --git a/source4/heimdal/lib/krb5/plugin.c b/source4/heimdal/lib/krb5/plugin.c
index 8aff72ec85..ea47e13a7b 100644
--- a/source4/heimdal/lib/krb5/plugin.c
+++ b/source4/heimdal/lib/krb5/plugin.c
@@ -379,7 +379,7 @@ _krb5_plugin_free(struct krb5_plugin *list)
/*
* module - dict of {
* ModuleName = [
- * plugin = object{
+ * plugin = object{
* array = { ptr, ctx }
* }
* ]
@@ -556,7 +556,7 @@ search_modules(void *ctx, heim_object_t key, heim_object_t value)
return;
pl = heim_alloc(sizeof(*pl), "struct-plug", plug_free);
-
+
cpm = pl->dataptr = dlsym(p->dsohandle, s->name);
if (cpm) {
int ret;
@@ -569,10 +569,10 @@ search_modules(void *ctx, heim_object_t key, heim_object_t value)
} else {
cpm = pl->dataptr;
}
-
+
if (cpm && cpm->version >= s->min_version)
heim_array_append_value(s->result, pl);
-
+
heim_release(pl);
}
@@ -619,11 +619,11 @@ _krb5_plugin_run_f(krb5_context context,
s.userctx = userctx;
heim_dict_iterate_f(dict, search_modules, &s);
-
+
heim_release(dict);
-
+
HEIMDAL_MUTEX_unlock(&plugin_mutex);
-
+
s.ret = KRB5_PLUGIN_NO_HANDLE;
heim_array_iterate_f(s.result, eval_results, &s);
diff --git a/source4/heimdal/lib/krb5/salt-aes.c b/source4/heimdal/lib/krb5/salt-aes.c
index 1c40b54f6b..32dafd68cb 100644
--- a/source4/heimdal/lib/krb5/salt-aes.c
+++ b/source4/heimdal/lib/krb5/salt-aes.c
@@ -45,8 +45,8 @@ AES_string_to_key(krb5_context context,
{
krb5_error_code ret;
uint32_t iter;
- struct encryption_type *et;
- struct key_data kd;
+ struct _krb5_encryption_type *et;
+ struct _krb5_key_data kd;
if (opaque.length == 0)
iter = _krb5_AES_string_to_default_iterator;
diff --git a/source4/heimdal/lib/krb5/salt.c b/source4/heimdal/lib/krb5/salt.c
index 69375f6a81..6f18308743 100644
--- a/source4/heimdal/lib/krb5/salt.c
+++ b/source4/heimdal/lib/krb5/salt.c
@@ -39,7 +39,7 @@ krb5_salttype_to_string (krb5_context context,
krb5_salttype stype,
char **string)
{
- struct encryption_type *e;
+ struct _krb5_encryption_type *e;
struct salt_type *st;
e = _krb5_find_enctype (etype);
@@ -71,7 +71,7 @@ krb5_string_to_salttype (krb5_context context,
const char *string,
krb5_salttype *salttype)
{
- struct encryption_type *e;
+ struct _krb5_encryption_type *e;
struct salt_type *st;
e = _krb5_find_enctype (etype);
@@ -187,7 +187,7 @@ krb5_string_to_key_data_salt_opaque (krb5_context context,
krb5_data opaque,
krb5_keyblock *key)
{
- struct encryption_type *et =_krb5_find_enctype(enctype);
+ struct _krb5_encryption_type *et =_krb5_find_enctype(enctype);
struct salt_type *st;
if(et == NULL) {
krb5_set_error_message(context, KRB5_PROG_ETYPE_NOSUPP,
@@ -247,9 +247,9 @@ krb5_string_to_key_derived(krb5_context context,
krb5_enctype etype,
krb5_keyblock *key)
{
- struct encryption_type *et = _krb5_find_enctype(etype);
+ struct _krb5_encryption_type *et = _krb5_find_enctype(etype);
krb5_error_code ret;
- struct key_data kd;
+ struct _krb5_key_data kd;
size_t keylen;
u_char *tmp;